Packaging now standard, dependency proxy next?

May 10, 2019 · 1 min read · Leave a comment
Tanuki GitLab profile

Today, GitHub announced that GitHub package registry is in public beta. Following up on GitHub’s Actions announcement late last year, it appears that GitHub is embarking on integrating more DevOps tools into a single application experience for its users.

GitLab has been building a single application for the entire DevOps lifecycle since combining CI with SCM in 2012, and released integrated packaging back in 2016 – starting with a Docker registry – and adding Maven and NPM in 2018. You can find our plans for adding further packaging capabilities on our public packaging roadmap.

GitLab’s private, secure container registry and artifact repositories are built in and preconfigured to work seamlessly with GitLab source code management and CI/CD pipelines.

We are also embarking on making package management more secure and auditable for the users of packages with a [Dependency Proxy](/direction/package/#dependency-proxy. GitLab users will be able to block and delay packages that are suspect and trace where vulnerable packages were used. This will increase performance, cost efficiency, and the stability of your tests and deployments.

"It is good for users that Microsoft is now innovating with new features for GitHub after the acquisition,” said Sid. “GitLab already offers package registries, along with features in all 10 stages of a DevOps lifecycle, including deployment, security, and monitoring. We have seen that customers definitely value the benefits of a single application for DevOps.”

Photo by Leone Venter on Unsplash

Open in Web IDE View source